The company name (hereinafter referred to as the "company") establishes and discloses the following guidelines for personal information processing in order to protect the personal information of the information subject and to handle related grievances quickly and smoothly pursuant to Article 30 of the Personal Information Protection Act.
Article 1 (Purpose of Processing Personal Information)
The company processes personal information for the following purposes. The personal information being processed will not be used for any of the following purposes, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the Personal Information Protection Act.
1. Sign up and manage homepage membership
Personal information is processed for the purpose of confirming membership intentions, identifying and certifying oneself according to the provision of membership services, maintaining and managing membership qualifications, preventing illegal use of services, checking consent of legal representatives when processing personal information for children under the age of 14.
2. Providing goods or services
Personal information is processed for the purpose of delivering goods, providing services, sending contracts and bills, providing content, providing customized services, personal authentication, age certification, payment and settlement of charges, and collecting bonds.
3. Complaint Handling
Personal information is processed for the purpose of identifying the complainant, checking the complaint, contacting and notifying the results of the processing, etc.
Article 2 (Processing and Holding Period of Personal Information)
① When the company holds personal information, collects personal information from the period of use, or the subject of information, the company processes and holds personal information within the period of use.
② Each personal information processing and holding period is as follows.
1. Sign-up and management of membership on the website: Until withdrawal from the website of the business operator/organization
However, in the case of the following reasons, until the relevant reasons are terminated
1) Where an investigation, investigation, etc. due to a violation of the relevant statutes is in progress, the relevant investigation shall be completed until the end of the investigation
2) Where the bond and debt relationship remains due to the use of the website, until the settlement of the relevant bond and debt relationship is made
2. Provision of goods or services: Until the completion of the supply of goods and services and the completion of payment and settlement of charges
However, if it falls under the following reasons, until the end of the relevant period:
1) Records on transactions, such as indication, advertisement, contract details, and performance, etc. under the Act on Consumer Protection in Electronic Commerce, etc
- Records on display and advertisement: June
- Records of withdrawal of contracts or subscriptions, payment, supply of goods, etc.: 5 years
- Records on the handling of consumer complaints or disputes: 3 years
2) Keeping data on confirmation of communication facts under Article 41 of the Communications Secret Protection Act
- Subscriber telecommunication date, start and end time, counterparty subscriber number, frequency of use, and location tracking data of the originating station: 1 year
- Computer communication, Internet log record data, access tracking data: 3 months
Article 3 (Provision of Personal Information to a Third Party)
① The company processes personal information of the data subject only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only if it falls under Article 17 of the Personal Information Protection Act, such as consent of the data subject and special provisions of the law.
② The company provides personal information to third parties as follows.
- Person who receives personal information:
- Purpose of using personal information of the recipient:
- Personal information items provided:
- Hold and use period of the recipient:
Article 4 (Entrustment of Personal Information Processing)
① For smooth personal information processing, the company entrusts personal information processing as follows.
1. Operation of a telephone counseling center
- Consignee (Consignee): OOO CS Center
- Contents of entrusted duties: telephone counseling, guidance of departments and employees, etc
2. Operation of the A/S center
- Consignee (Consignee): OOO Electronics
- Contents of entrusted work: Providing customer product A/S
② In accordance with Article 25 of the Personal Information Protection Act, the company stipulates in the contract documents such as prohibition of processing personal information, technical and administrative protection measures, restrictions on re-entrustment, management and damage compensation, and supervises whether the trustee handles personal information safely.
③ If the details of the entrusted work or the trustee changes, we will disclose it through this personal information processing policy without delay.
Article 5 (rights of users and legal representatives and how to exercise them)
① The information subject may exercise the following rights related to personal information protection against the company at any time:
1. Request for access to personal information
2. Request correction if there is an error, etc
3. Request for deletion
4. Request for suspension of processing
② The exercise of rights under paragraph (1) can be made in writing, by phone, e-mail, fax, etc. to the company, and the company will take action without delay.
③ If the information subject requests correction or deletion of personal information errors, etc., the company will not use or provide the personal information until the correction or deletion is completed.
④ The exercise of rights under paragraph (1) may be conducted through an agent, such as a legal representative of the information subject or a person entrusted. In this case, you must submit a power of attorney under attached Form 11 of the Enforcement Rules of the Personal Information Protection Act.
⑤ The information subject shall not infringe on the personal information and privacy of the information subject himself or others processed by the company in violation of relevant laws and regulations such as the Personal Information Protection Act.
Article 6 (personal information items processed)
The company is processing the following personal information items.
1. Sign up and manage homepage membership
2. Providing goods or services
3. In the process of using the Internet service, the following personal information items can be automatically generated and collected.
IP address, cookie, MAC address, service usage record, visit record, defect usage record, etc
Article 7 (destruction of personal information)
① If personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing, the company shall destroy the personal information without delay.
② If the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or stored in a different storage place.
③ The procedures and methods of destroying personal information are as follows.
1. Destruction procedure
The company selects personal information that causes destruction and destroys personal information with the approval of the company's personal information protection manager.
2. Destruction method
The company destroys personal information recorded and stored in the form of an electronic file by using methods such as Low Level Format so that records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredder or incinerator.
Article 8 (Measures to secure the safety of personal information)
The company is taking the following measures to ensure the safety of personal information.
1. Management measures: Establishment and implementation of internal management plans, regular employee training, etc
2. Technical measures: Management of access rights, installation of access control systems, and unique identification information of personal information processing systems
etc. encryption, security program installation
3. Physical measures: Control access to computer rooms, data storage rooms, etc
Article 9 (Matters concerning the installation, operation, and rejection of an automatic personal information collection device)
① In order to provide individual customized services to users, the company uses 'cookie' to store usage information and call it up from time to time.
② Cookies are a small amount of information that the server (http) used to run the website sends to the user's computer browser and is sometimes stored on the user's computer's hard disk.
A. Purpose of using cookies: It is used to provide optimized information to users by identifying the type of visit and use of each service and website visited by users, popular search terms, security access, etc.
B. Installation, operation, and rejection of cookies: You can refuse to save cookies by setting options in the Tools > Internet Options > Privacy menu at the top of the web browser.
C. If you refuse to save cookies, it may be difficult to use customized services.
Article 10 (Personal Information Protection Manager)
① The company is responsible for handling personal information, and designates a personal information protection manager as follows to handle complaints and remedy damages by information subjects related to personal information processing.
▶ Person in charge of personal information protection
Contact point: , ,
※ You will be connected to the department responsible for privacy.
▶ Personal Information Protection Department
Department Name: OOO Team
Contact point: , ,
② The information subject can contact the personal information protection manager and the department in charge for all personal information protection inquiries, complaints, and damage relief that have occurred while using the company's service (or business). The company will answer and process the information subject's inquiries without delay.
-- Need to be modified to fit the site's production -->
Article 11 (Request for access to personal information)
The information subject may request the following departments to view personal information under Article 35 of the Personal Information Protection Act. The company will try to expedite the request for access to personal information by the information subject.
▶ Personal Information Access Request Receipt and Processing Department
Department name: OOO
Contact point: , ,
Article 12 (Method of remedy for infringement of rights and interests)
The information subject can inquire about damage relief and counseling for personal information infringement to the following institutions.
▶ Personal Information Infringement Reporting Center (operated by the Korea Internet & Security Agency)
- Responsible duties: reporting personal information infringement and applying for counseling
- Homepage: privacy.kisa.or.kr
- Phone: (without country code) 118
- Address: (58324) Personal Information Infringement Report Center on the 3rd floor of Jinheung-gil 9 (Bitgaram-dong 301-2), Naju-si, Jeollanam-do
▶ Personal Information Dispute Mediation Committee
- Responsible affairs: Application for dispute settlement of personal information, collective dispute settlement (civil resolution)
- Homepage: www.kopico.go.kr
- Phone: (without country number) 1833-6972
- Address: (03171) 4th floor of the Seoul Government Complex, 209, Sejong-daero, Jongno-gu, Seoul
▶ Cyber Crime Investigation Team of the Supreme Prosecutors' Office: 02-3480-3573 (www.spo.go.kr)
▶ National Police Agency Cyber Safety Bureau: 182 (http://cyberbureau.police.go.kr)
Article 13 (Implementation and change of personal information processing policy)
This personal information processing policy will be applied from January 1, 2020.